Google redirection localhost.world

Page 3 of 12 FirstFirst 12345 ... LastLast

  1. Posts : 456
    Windows 10 Pro
       #21

    Play around with windows firewall. You should easily be able to setup a new rule to block connections to the site/ip if it's still trying to redirect you.
      My Computers


  2. Posts : 21
    10 64bit
       #22

    nakiel said:
    It came back! Currently been testing "HitmanPro" for a couple of days; no relapse yet...

    Found this in registry:
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "AutoConfigURL"="http://localhost.world/localhost.host"
    After deleting that registry key, my proxy settings have stayed default. Today I saw a blank command prompt window open for a second and then Chrome was closed. I opened Chrome settings and saw this message: Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults.

    Your system still running fine? I did run HitmanPro but it only found cookies on my system. What did it find on yours?
      My Computer


  3. Posts : 456
    Windows 10 Pro
       #23

    Out of curiosity, have any of you tried a "rescue disc" yet? Several AV's offer them for those tough to clean viruses.

    I usually recommend comodo rescue disk but I'm sure almost any AV offers them.
    Comodo Rescue Disk for Windows, Download Rescue Disk Software
      My Computers


  4. Posts : 2
    Windows 10
       #24

    I am also having this EXACT problem. I have the same registry key listed above and cleared it just now (thanks, this is the only thing I have missed so far), otherwise I have run all the suggested fixes and tools to no avail. Glad I found this thread and that I am not the only one with the issue. I will update on the status of what happens with mine.
      My Computer


  5. Posts : 21
    10 64bit
       #25

    vgchat said:
    Out of curiosity, have any of you tried a "rescue disc" yet? Several AV's offer them for those tough to clean viruses.

    I usually recommend comodo rescue disk but I'm sure almost any AV offers them.
    Comodo Rescue Disk for Windows, Download Rescue Disk Software
    I spent the better part of my afternoon the other day trying to get these rescue disks to work. They are a real pain in the butt. Could not get Kaspersky to run at all. I got Comodo to work finally using Yumi and did a full scan of my system, found nothing. I also ran a full scan with Spybot on monday and it found some minor stuff, probably unrelated. My only issue now is that sometimes Chrome will be closed when I come back to my computer. One time I witnessed it happening where a blank command line window opened and Chrome closed. I would love to delete the program that's causing that to happen
      My Computer


  6. Posts : 16,325
    W10Prox64
       #26

    mixolyd said:
    I spent the better part of my afternoon the other day trying to get these rescue disks to work. They are a real pain in the butt. Could not get Kaspersky to run at all. I got Comodo to work finally using Yumi and did a full scan of my system, found nothing. I also ran a full scan with Spybot on monday and it found some minor stuff, probably unrelated. My only issue now is that sometimes Chrome will be closed when I come back to my computer. One time I witnessed it happening where a blank command line window opened and Chrome closed. I would love to delete the program that's causing that to happen
    Please download and run ADWCleaner. There is a way to save the scan so you can post it here for me (can't remember the steps exactly, but you'll be able to figure it out easily) - do this BEFORE cleaning. ADWCleaner is a powerful program and sometimes it will flag things for deletion that you don't want deleted. So, I'd like to have a look at the scan results before you do any cleaning.

    EDIT: Click on the REPORT button after running the scan and post that logfile here in the thread (not as an attachment).
      My Computer


  7. Posts : 21
    10 64bit
       #27

    simrick said:
    Please download and run ADWCleaner. There is a way to save the scan so you can post it here for me (can't remember the steps exactly, but you'll be able to figure it out easily) - do this BEFORE cleaning. ADWCleaner is a powerful program and sometimes it will flag things for deletion that you don't want deleted. So, I'd like to have a look at the scan results before you do any cleaning.

    EDIT: Click on the REPORT button after running the scan and post that logfile here in the thread (not as an attachment).
    I ran ADWcleaner several days ago. It only found cookies, I think. Pretty sure I fixed everything it found. I found the logfile from that. Not sure what Report button you are talking about? Here is the log:

    # AdwCleaner v5.025 - Logfile created 13/12/2015 at 12:24:11
    # Updated 13/12/2015 by Xplode
    # Database : 2015-12-13.2 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Michael - MOTHERSHIP
    # Running from : D:\Michael\Downloads\adwcleaner_5.025.exe
    # Option : Cleaning
    # Support : Forum - ToolsLib


    ***** [ Services ] *****




    ***** [ Folders ] *****


    [-] Folder Deleted : C:\Program Files\Common Files\Speedbit
    [-] Folder Deleted : C:\ProgramData\Speedbit
    [-] Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
    [-] Folder Deleted : C:\Users\Michael\AppData\Roaming\Speedbit


    ***** [ Files ] *****


    [-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
    [-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
    [-] File Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam


    ***** [ DLLs ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****


    [-] Key Deleted : HKCU\Software\Classes\CLSID\{AD4409E5-23C2-412B-849D-8FC0635B4073}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{AEE9D70C-6C9E-4B27-9F2C-8F14E95BEEF6}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{DD20920E-515A-4342-85E3-FC9A9FDA55C2}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{92FDEF05-B35E-4806-B87F-8B66AB649997}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{9F0BF664-B611-4C53-AEEA-FDBFCE6E3CA3}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{A8BD93E8-F6AE-4F02-828D-DE47FEC4D375}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
    [-] Key Deleted : HKCU\Software\SpeedBit
    [-] Key Deleted : HKCU\Software\Online video player


    ***** [ Web browsers ] *****


    [-] [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pbjikboenpfhbbejgkoklgkhjpfogcam
    [-] [C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com


    *************************


    :: "Tracing" keys removed
    :: Winsock settings cleared


    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4226 bytes] ##########
    Google redirection localhost.world Attached Files
      My Computer


  8. Posts : 16,325
    W10Prox64
       #28

    Okay, let's try this:


    Uninstall all Toolbars on the system. (all users)
    Uninstall all torrenting/P2P file sharing programs.
    Uninstall all downloader programs.
    Run RKILL - post the log. (RKILL will stop all malicious and suspect running items, reset hosts, etc. It is temporary. Anything that RKILL does is undone by a reboot.)
    Run ADWCleaner again and post the new log here.
    Run JRT
    Reset all browsers on the system...Reset Edge browser
    Flush DNS
    Set your network adapter(s) to Open DNS servers:
    IPv4 = 208.67.222.222 and 208.67.220.220
    IPv6 = 2620:0:ccc::2 and 2620:0:ccd::2
    Reboot the computer.
    Run RKILL again. Advise if anything is found on this run (check the log).
    Open Ccleaner to the TOOLS menu on the left and go to STARTUP ITEMS. Post a screenshot of the Google Chrome tab and the Scheduled Tasks tab.

    Google redirection localhost.world-ccleaner-task-tab.png
      My Computer


  9. Posts : 21
    10 64bit
       #29

    simrick said:
    Okay, let's try this:


    Uninstall all Toolbars on the system. (all users)
    Uninstall all torrenting/P2P file sharing programs.
    Uninstall all downloader programs.
    Run RKILL - post the log. (RKILL will stop all malicious and suspect running items, reset hosts, etc. It is temporary. Anything that RKILL does is undone by a reboot.)
    Run ADWCleaner again and post the new log here.
    Run JRT
    Reset all browsers on the system...Reset Edge browser
    Flush DNS
    Set your network adapter(s) to Open DNS servers:
    IPv4 = 208.67.222.222 and 208.67.220.220
    IPv6 = 2620:0:ccc::2 and 2620:0:ccd::2
    Reboot the computer.
    Run RKILL again. Advise if anything is found on this run (check the log).
    Open Ccleaner to the TOOLS menu on the left and go to STARTUP ITEMS. Post a screenshot of the Google Chrome tab and the Scheduled Tasks tab.

    # AdwCleaner v5.025 - Logfile created 17/12/2015 at 21:07:05
    # Updated 13/12/2015 by Xplode
    # Database : 2015-12-13.2 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Michael - MOTHERSHIP
    # Running from : D:\Michael\Downloads\adwcleaner_5.025 (2).exe
    # Option : Scan
    # Support : Forum - ToolsLib


    ***** [ Services ] *****




    ***** [ Folders ] *****


    Folder Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam


    ***** [ Files ] *****


    File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage
    File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal
    File Found : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam


    ***** [ DLL ] *****




    ***** [ Shortcuts ] *****




    ***** [ Scheduled tasks ] *****




    ***** [ Registry ] *****




    ***** [ Web browsers ] *****


    [C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pbjikboenpfhbbejgkoklgkhjpfogcam


    ########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1288 bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Pro x64
    Ran by Michael (Administrator) on Thu 12/17/2015 at 21:08:18.64
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~








    File System: 12


    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla (Folder)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol (Folder)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajpgkpeckebdhofmmjfgcjjiiejpodla_0.localstorage (File)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pbjikboenpfhbbejgkoklgkhjpfogcam_0.localstorage (File)
    Successfully deleted: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37lpeheh.default\extensions\staged (Folder)
    Successfully deleted: C:\WINDOWS\SysWOW64\REN25DB.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\REN5382.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\REN62C0.tmp (File)
    Successfully deleted: C:\WINDOWS\SysWOW64\RENAAF3.tmp (File)


    Deleted the following from C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\37lpeheh.default\prefs.js
    user_pref(extensions.sovetnik.yandex.statistics.clid.21, 2238478-002);



    Registry: 0


    ----

    Chrome startup attached

    --- RKILL log here. Couldn't paste here, too long. Nothing significant there though.
    Attached Thumbnails Attached Thumbnails Google redirection localhost.world-cc.jpg  
      My Computer


  10. Posts : 16,325
    W10Prox64
       #30

    Whoa! I have never, in all my years cleaning viruses off computers, seen an RKILL log like that!
    Has your computer been running slow at all? It appears as if your entire Windows OS is loaded with reparse junctions that point to nowhere.
    Rkill 2.8.3 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software

    Program started at: 12/17/2015 09:22:09 PM in x64 mode.
    Windows Version: Windows 10 Pro

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\Windows\SysWOW64\HsMgr.exe (PID: 7564) [WD-HEUR]
    * C:\Windows\System\HsMgr64.exe (PID: 7892) [WD-HEUR]

    2 proccesses terminated!
    These are nothing - video files from ASUS

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * ALERT: ZEROACCESS Reparse Point/Junction found!

    * C:\Program Files\Windows Defender\mpuxhostproxy.dll => <Unknown Target> [File]
    This legitimate dll file has a reparse point to nowhere - that is suspicious, and why I ask if your computer was running slow. Zeroaccess is part of a botnet which either runs clickfraud or bitcoin mining.

    * Reparse Point/Junctions Found (These may be legitimate)!

    * C:\WINDOWS\AppPatch\AcGenral.dll => <Unknown Target> [File]
    * C:\WINDOWS\AppPatch\AcRes.dll => <Unknown Target> [File]
    * C:\WINDOWS\AppPatch\AcSpecfc.dll => <Unknown Target> [File]....
    And the list goes on and on for reparse points-thousands of them. Honestly, I've never seen anything like this.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 209.34.83.73:443
    127.0.0.1 209.34.83.73:43
    127.0.0.1 209.34.83.73
    127.0.0.1 209.34.83.67:443
    127.0.0.1 209.34.83.67:43
    127.0.0.1 209.34.83.67
    127.0.0.1 ood.opsource.net
    127.0.0.1 199.7.52.190:80
    127.0.0.1 199.7.52.190
    127.0.0.1 OCSP.SPO1.VERISIGN.COM
    127.0.0.1 199.7.54.72:80
    127.0.0.1 199.7.54.72
    127.0.0.1 192.150.14.69
    127.0.0.1 192.150.18.101
    127.0.0.1 192.150.18.108
    127.0.0.1 192.150.22.40
    127.0.0.1 192.150.8.100
    127.0.0.1 192.150.8.118
    127.0.0.1 209-34-83-73.ood.opsource.net
    127.0.0.1 3dns-1.adobe.com

    20 out of 87 HOSTS entries shown.
    Please review HOSTS file for further entries.
    You've got a major problem with your hosts file.



    I will tell you what I would do at this point: either do a clean install, completely formatting your hard drive, or post for help at Bleeping Computer, to see if they are able to sort things.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:16.
Find Us




Windows 10 Forums